From BruCON 2017
Practical Malware Analysis: Rapid Introduction by Michael Sikorski
Get a rapid introduction to Practical Malware Analysis from the guy who wrote the book. This crash course will train students on how to triage and analyze malicious software. Students will get hands-on experience in the art of dissecting malicious code and gain necessary skills in order to perform analysis in the field.
Students will learn how to:
- Quickly extract network signature and host-based indicators to locate and defeat
- Use key analysis tools like IDA Pro and OllyDbg
- Apply newfound knowledge of Windows Internals for malware analysis
- Analyze binary code that is contained in executables
- Get hands on experience analyzing backdoors, downloaders, keyloggers and
- Set up a safe virtual environment to analyze malware in a lab environment.
Agenda of Class
- Malware Analysis overview
- Setting up a safe environment
- Quickly obtaining signatures and indicators using basic static and dynamic techniques
- A crash course in x86 Disassembly
- Using IDA Pro for reversing malware
- Analyzing malicious Windows programs
- Debugging malware
- Eagerness to learn by getting hands-on
- Knowledge of operating systems and computer architectures
- Basic computer programming skills with any language
- Windows Internals knowledge is helpful but not required
- VMware Workstation or Fusion installed. VMware Player is acceptable for this class, but
generally not recommended.
- Roughly 30GB of free hard drive space for tools and the VMware image.
Michael Sikorski is a well-known expert in malware analysis. He is a Technical Director at Mandiant and a member of the Mandiant Labs (M-Labs) leadership team. He leads the M-Labs malware analysis team through reverse engineering malware as a primary analyst and manages the overall workflow and process used by the team. Mike created a series of courses in malware analysis and teaches them to a variety of audiences including the FBI, NSA, private companies, and Black Hat. He is co-author of the book “Practical Malware Analysis,” which was published by No Starch Press in early 2012.
Mike has over a decade of experience in the field of computer security and technical development supporting government computer network operations. He came to Mandiant from the Massachusetts Institute of Technology’s (MIT) Lincoln Laboratory. Mike is also a graduate of the National Security Agency's three-year Systems and Network Interdisciplinary Program (SNIP).
You can find out more from Michael on http://practicalmalwareanalysis.com/
24 & 25 September (09:00 - 17:00)